Present-day Internet communications represent the synthesis of technical developments begun in the 1960s—the development of a system to support communications between different United States military computer networks, and the subsequent development of a system to support the communication between research computer networks at United States universities. These technological developments would subsequently revolutionize the world of computing.
The Internet, like so many other high tech developments, grew from research originally performed by the United States Department of Defense. In the 1960s, Defense Department officials began to notice that the military was accumulating a large collection of computers—some of which were connected to large open computer networks and others that were connected to smaller closed computer networks. A network is a collection of computers or computer-like devices communicating across a common transmission medium. Computers on the Defense Department's open computer networks, however, could not communicate with the other military computers on the closed systems.
Defense Department officials requested that a system be built to permit communication between these different computer networks. The Defense Department recognized, however, that a single centralized system would be vulnerable to missile attacks or sabotage. Accordingly, the Defense Department required that the system to be used for communication between these military computer networks be decentralized and that no critical services be concentrated in vulnerable failure points. In order to achieve these goals, the Defense Department established a decentralized standard protocol for communication between network computers.
A few years later, the National Science Foundation (NSF) wanted to connect network computers at various research institutions across the country. The NSF adopted the Defense Department's protocol for communication, and this combination of research computer networks would eventually evolve into the Internet.
Internet Protocols
The Defense Department's communication protocol governing data transmission between computers on different networks was called the Internet Protocol (IP) standard. The IP standard now supports communications between computers and networks on the Internet. The IP standard identifies the types of services to be provided to users, and specifies the mechanisms needed to support these services. The IP standard also specifies the upper and lower system interfaces, defines the services to be provided on these interfaces, and outlines the execution environment for services needed in the system.
A transmission protocol, called the Transmission Control Protocol (TCP), was also developed to provide connection-oriented, end-to-end data transmission between packet-switched computer networks. The combination of TCP with IP (TCP/IP) forms a system or suite of protocols for data transfer and communication between computers on the Internet. The TCP/IP standard has become mandatory for use in all packet switching networks that connect or have the potential for utilizing connectivity across network or sub-network boundaries.
The TCP/IP Protocol
In a typical Internet-based communication scenario, data is transmitted from an applications program in a first computer, through the first computer's network hardware, and across the transmission medium to the intended destination on the Internet. After receipt at a destination computer network, the data is transmitted through the destination network to a second computer. The second computer then interprets the communication using the same protocols on a similar application program—only in reverse order. Because standard protocols are used in Internet communications, the TCP/IP protocol on the second computer decodes the transmitted information into the original information transmitted by the first computer.
One of the rules in TCP/IP communications is that a computer user does not need to get involved with details of data communication. In order to accomplish this goal, the TCP/IP standard imposes a layered communications system structure. All the layers are located on each computer in the network, and each module or layer is a separate component that theoretically functions independent of the other layers. As an alternative, User Datagram Protocol (“UDP”) supports the same type of layered protocol communication system, but with less accuracy checking on message content than the TCP/IP protocol.
TCP/IP and its related protocols form a standardized system for defining how data should be processed, transmitted and received on the Internet. TCP/IP defines the network communication process, and more importantly, defines how a unit of data should look and what information the message should contain so that the receiving computer can interpret the message correctly. Because of the standardized layer design of TCP/IP, a consistent conversion of base data is ensured regardless of the version or vendor of the TCP/IP conversion software.
TCP/IP Addressing and Routing
A computer operating on a network is assigned a unique physical address. On a Local Area Network (“LAN”), the physical address of the computer is a number given to computer's network adapter card. Hardware LAN protocols use this physical address to deliver packets of data, sometimes called information packets, to computers on the LAN.
On the Internet, the TCP/IP protocol routes information packets using logical addressing. The network software in the Network Layer generates logical addresses. Specifically, a logical address in the TCP/IP network is translated into a corresponding physical address using the ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol) protocols in the Network Layer.
The TCP/IP's logical address is also called an IP address. The IP address can include: (1) a network ID number identifying a network, (2) a sub-network ID number identifying a sub-network on the network, and, (3) a host ID number identifying a particular computer on the sub-network. The header data in the information packet will include source and destination addresses. The IP addressing scheme imposes a sensible addressing scheme that reflects the internal organization of the network or sub-network.
A computer network is often subdivided into smaller sub-networks. The computer network is divided in this manner to increase data transmission efficiency and reduce overall network traffic. Routers are used to regulate the flow of data into and out of designated sub-networks of the computer network.
A router interprets the logical address of an information packet, such as an IP address, and directs the information packet across the network to its intended destination. Information packets addressed between computers on the sub-network do not pass through the router to the greater network, and therefore does not clutter the transmission lines of the greater network. If data is addressed to a computer outside the sub-network, however, the router forwards the data onto the larger network.
The TCP/IP network includes protocols that define how routers will determine the path for data through the network. Routing decisions are based upon information in the IP packet header and entries in each router's routing table. A routing table possesses sufficient information for a router to make a determination on whether to accept the communicated information on behalf of a destination computer, or pass the information onto another router in the network. The routing table also permits the router to determine where the information should be forwarded within the network or sub-network.
The routing table can be configured manually with routing table entries or a dynamic routing protocol that can accommodate changing network topologies—network architecture, network structure, layout of routers, and interconnections between hosts and routers. In a dynamic routing protocol, a router advertises reachability when it sends updated routing information to a second router claiming that the first router is capable of reaching one or more destination addresses. Advertising accessibility is important to the process of receiving, directing and redirecting information packets on the Internet.
The IP-Based Mobility System
Internet protocols were originally developed with an assumption that Internet users, which are assigned a unique IP address, would be connected to a single, fixed network—that is, one physical fixed location. With the advent of portable computers and cellular wireless communication systems, however, the movement of Internet users within a network and across network boundaries has become quite common. Because of this highly mobile Internet usage, the implicit design assumptions for the Internet protocols have been violated.
The IP-based mobile system includes at least one Mobile Node in a wireless communication system. The term “Mobile Node” includes a mobile communication unit, and, in addition to the Mobile Node, the communication system has a home network and a foreign network. The Mobile Node may change its point of attachment to the Internet through these other networks, but the Mobile Node will always be associated with a single Mobile Node home network for IP addressing purposes.
The home network has a Home Agent and the foreign network has a Foreign Agent—both of which control the routing of information packets into and out of their network.
Registration of a Mobile Node
The Mobile Node keeps the Home Agent informed of its current location by registering a care-of address with the Home Agent. Essentially, the care-of address represents the current foreign network where the Mobile Node is located. If the Home Agent receives an information packet addressed to the Mobile Node while the Mobile Node is located on a foreign network, the Home Agent will “tunnel” the information packet to the Mobile Node's current location on the foreign network via the applicable care-of address.
The Foreign Agent participates in informing the Home Agent of the Mobile Node's current care-of address. The Foreign Agent also de-tunnels information packets for the mobile node after the information packets have been forwarded to the Foreign Agent by the Home Agent. Further, the Foreign Agent serves as a default router for out-going information packets generated by the mobile node while connected to the foreign network.
Foreign Agents and Home Agents periodically broadcast an agent advertisement to all nodes on the local network associated with that agent. An agent advertisement is a message from the agent on a network that may be issued under the Mobile IP protocol (RFC 2002) or any other type of communications protocol. This advertisement should include information that is required to uniquely identify a mobility agent (e.g. a Home Agent, a Foreign Agent, etc.) to a mobile node. Mobile Nodes examine the agent advertisement and determine whether they are connected to the home network or a foreign network.
If the Mobile Node is located on its home network, no additional actions need to be taken because information packets will be routed to the Mobile Node according to the standard addressing and routing scheme. If the Mobile Node is visiting a foreign network, however, the Mobile Node obtains appropriate information from the agent advertisement, and transmits a registration request message to its Home Agent. The registration request message will include a care-of address for the Mobile Node.
The registered care-of address identifies the foreign network where the mobile node is located, and the Home Agent uses this registered care-of address to tunnel information packets to the foreign network for subsequent transfer to the mobile node. A registration reply message may be sent to the Mobile Node by the Home Agent to confirm that the registration process has been successfully completed.
Authenticate, Authorize and Accounting (“AAA”)
In an IP-based mobile communications system, the Mobile Node changes its point of attachment to the network while maintaining network connectivity. The Mobile IP Protocol (RFC 2002) assumes that mobile IP communications with a Mobile Node will be performed on a single administrative domain or a single network controlled by one administrator.
When a Mobile Node travels outside its home administrative domain, however, the Mobile Node must communicate through multiple domains in order to maintain network connectivity with its home network. While connected to a foreign network controlled by another administrative domain, network servers must authenticate, authorize and collect accounting information for services rendered to the Mobile Node. This authentication, authorization, and accounting activity is called “AAA”, and AAA servers on the home and foreign network perform the AAA activities for each network.
Authentication is the process of proving someone's claimed identity, and security systems on a mobile IP network will often require authentication of the system user's identity before authorizing a requested activity. The AAA server authenticates the identity of an authorized user, and authorizes the Mobile Node's requested activity. Additionally, the AAA server will also provide the accounting function including tracking usage and charges for use of transmissions links between administrative domains.
Mobile IP Extensions
Extensions, as defined in different IP protocols, support the transmission of variable amounts of information in an information packet, the registration of a Mobile Node, or the AAA functions performed by AAA network servers. The general extension mechanism allows appropriate information to be carried by a control message or similar types of discovery messages, agent advertisements, registration requests, or registration replies.
Virtual Private Networks
A Virtual Private Network (VPN) emulates a private internet network over a shared physical infrastructure. By way of example a VPN can reside within a LAN system, or on one of several different servers on one or more service providers. A VPN can thus span multiple computer servers or systems and multiple VPNs can co-exist within this host infrastructure, but the VPN does not exist on non-host infrastructures.
A VPN can be used to extend the IP capability of a corporate network to remote offices or users possessing internet, extranet, or dial-up services. In this way, connectivity in the same manner as a dedicated private network can be achieved without the necessity of funding for equipment and support infrastructure.
A service provider, or other network structure, provides the physical system and computer infrastructure within which the “virtual” network resides. In this manner, the VPN can function much the same as a single, physical network despite the intervening host infrastructure. A number of different types of VPNs are suggested in RFC 2764, but this is by no means an exhaustive list of possible VPN constructs. The distinguishing hallmark of a VPN is that it is a single, logical network found on a public or private computer infrastructure and the VPN may reside upon one or more autonomous systems.
Tunneling
The general IP communication protocol with Home Agents, Mobile Nodes, and Foreign Agents occurs thusly:                1. Home Agents and Foreign Agents advertise their presence on any attached links by periodically broadcasting agent advertisements.        2. Mobile Nodes receive the agent advertisement and compares the advertisement with their stored communication protocols to determine if they are connected to a Foreign Agent.        3. If connected to a Foreign Agent, the Mobile Node acquires a care-of address, which is read from the data fields within the Foreign Agent's agent advertisement.        4. The Mobile Node registers the care-of address with its Home Agent by forwarding a Registration Request Message (IPV4 standard) or Binding Update Message (IPV6 standard) to the Home Agent.        5. The Home Agent takes any data packets addressed to the Mobile Node and tunnels them to the Mobile Node by encapsulating the data packet with the care-of address.        6. The data packet is “tunneled” to the care-of address, where the Foreign Agent decapsulates the original data packet from the tunnel and delivers the data packet to the Mobile Node. The Foreign Agent serves as the router for all the data packets generated by the Mobile Node.        
Tunneling is the basic methodology in IP communication by which a data packet is routed to the appropriate internet node through an intermediate internet address. Typically, a data packet with network routing is “encapsulated” by IP address information.
Encapsulation involves adding an outer IP header to the original IP header fields. In this manner, a “tunnel” can be constructed. The outer IP header contains a source and destination IP address—the “endpoints” of the tunnel. The inner IP header source and destination addresses identify the original sender and destination addresses.
The original sender and recipient addresses remain unchanged, while the new “tunnel” endpoint addresses are grafted upon the original data packet. This alters the original IP routing by delivering the data packet to an intermediate destination node (in this case the Foreign Agent), where it is “decapsulated” or “de-tunneled” yielding the original data packet and routing. The packet is then delivered according to the destination found in the original IP address.
The important concept to keep in mind is that the “tunnel” is established by encapsulating a data packet containing the original IP address of the Mobile Node and an IP source address with the intermediate routing IP address (i.e. care-of address) of the foreign network. After the Foreign Agent decapsulates the data packet, the Foreign Agent in turn routes the data packet using the assigned Home Address of the Mobile Node found in the original data packet.